Computer Crime Research Center

Cybercrime strikes you?

With an increasing amount of business being done online, the chances are growing that you, or your company, may become a victim of online criminal activity.

It could be as simple as a customer who buys from your website with a stolen credit card, or as complex as being lured to invest in a multimillion-dollar deal only to learn that the glowing stories about it on a financial news website were bogus. It might be the mushrooming crime of personal or corporate identity theft.

According to Ontario Provincial Police Staff Sgt. Barry Elliott, creator and co-ordinator of an anti-fraud group called Phonebusters.com, more than 9,000 Canadians have reported identity theft losses totaling $7.1 million this year, "and we're tracking for a total number of complaints in the 11,000 to 12,000 range."

If cybercrime strikes you, who ya gonna call?

Your bank or credit card companies would be your first resort. They all maintain large and growing cyberfraud units. Next come the police, but keep in mind that if you involve them you may lose control of the investigation and how it is explained to the public. Some businesses choose to swallow a loss rather than risk having their gullibility or lax controls exposed in the media.

What if the cyberfraud is international? Who do the local police call? Other police. However, the results are not always very helpful. As one U.S. cybercrime investigator put it, "when the trail leads to the People's Republic of China (PRC), the information flow seems to abruptly stop."

Chinese authorities admit they have home-grown cybercriminals, and also that very few have been brought to justice. But they say they're trying to do better, perhaps spurred on by China's new World Trade Organization membership and the upcoming Olympic Games.

More than 200 world experts on cybercrime gathered recently for a meeting of the Society for the Policing of Cyberspace, with major sponsorship from Motorola and Microsoft.

Usually held in Vancouver, this year's International Summit took place in Guangzhou (formerly Canton), a bustling city in the PRC not far from Hong Kong.

Over four days, police, legal and technical experts tried to bridge the gap in international cybercrime enforcement, while, of course, making time for tours and socializing.

The distance from Hong Kong to Guangzhou may be short, but there's a huge cultural gap. When we visited Microsoft's Asian security experts at their office in Hong Kong's shiny new Cyberport, we could have been in a corporate boardroom in Calgary or Redmond, Wash.

At the Guangzhou Public Security Commanding Center, on the other hand, there was little doubt that we were in a country that still heeds the words of Chairman Mao that "the individual is subordinate to the organization."

Hidden computer monitors rise up from a gigantic conference table at the push of a button. Dozens of large video screens display the activities of citizens, up close and personal, from both street level and overhead cameras. The very layout of the place conveys an air of a no-nonsense command and control.

Chinese conference presenters, from police to prosecutors to judges, cited the 1997 changes to the China's Criminal Code that introduced crimes such as "invading a computer information system, increasing or jamming the functions of the computer information system," and even "teaching another person how to commit a computer crime."

That can draw a sentence of five years in jail.

However, it's clear that the emphasis so far has been on prosecuting China's economic cybercriminals. Articles 264 and 266 of the PRC Criminal Code deal with "stealing a relatively large amount of public or private property" and "swindling public or private money or property.”

A handful of Chinese citizens have been tried, and a few actually imprisoned, for crimes such as cheating in online auctions and running illegal online gambling.
Original article